المملكة: Entering headquarters and accessing networks.. “Cybersecurity" Introduces new oversight mechanisms – urgent
The National Authority proposed For cybersecurity Draft rules for controlling and investigating cybersecurity violations via the “Reconnaissance” platform"With the aim of defining clear mechanisms for oversight and inspection, and ensuring immediate dealing with any violations, in a way that preserves national cybersecurity and protects technical infrastructure.
The authority confirmed that the new rules will apply to all natural and legal persons subject to its provisions, explaining that the inspectors will be appointed by decision of the governor of the authority, and they will have an official legal status that allows them to exercise their duties.
Powers and controls of the inspectors
The rules granted the inspectors Comprehensive powers to perform their duties, whether they work together or individually. These include PowersEnter sites and facilities, and have full access to networks, IT systems, and operational technologies, including inspecting devices, equipment, and software, and viewing data, documents, and backup copies.
The rules also authorize them to collect evidence, photocopy documents, and seize Documents or records or even technical systems that are suspected of being used to commit a violation, while giving them the right to take any additional measures they deem necessary to complete the control and investigation tasks.
On the other hand, the rules obligated inspectors to adhere to precise controls, the most important of which is proving their official status before starting any task, and fully adhering to the regulations and rules issued by the authority. The need to maintain the confidentiality of the information, data and evidence they access is stressed, and to prevent their disclosure to any party without written approval from the Authority, and this commitment continues even after the end of the mission.
The rules stipulate that official inspection reports be drawn up to document all procedures, and to monitor any cases of prevention or obstruction to the work of inspectors. In the event of suspicion of cybercrimes, immediate reports are submitted to the Authority in preparation for referring them to the competent authorities.
Threats and Investigation Mechanisms
To ensure a rapid response to threats, the Authority indicated that in urgent cases that require immediate intervention, the Governor of the Authority or his representative may issue a decision to suspend or stop any cyber activity, network, or technical system that constitutes a security threat.
With regard to investigation mechanisms, the Authority may request statements. Written or verbally from the relevant parties, summoning any person associated with the violation for investigation, and writing official reports. If sufficient evidence is available that the violation has occurred, it will be referred to the competent prosecution authority within the Authority.
The rules stress the commitment of all entities and individuals included in them to fully cooperate with representatives of the Authority, provide all facilities, and prevent any obstruction to their work. This includes submitting the required documents within the specified periods, while prohibiting tampering with or destroying any records.
The Authority stressed that the parties must sign the official records, maintain the confidentiality of the investigation work, and prevent the circulation of any information about it. The rules also allow the use of electronic means in all procedures, and the use of public or private entities to carry out oversight tasks when needed.
- For more: Follow Khaleejion 24 Arabic, Khaleejion 24 English, Khaleejion 24 Live, and for social media follow us on Facebook and Twitter
